Mand
Hi, What SVN client are you using? It might be best to try and setup the repository with basic uberSVN authentication first, just to test that the configuration works before bringing LDAP into the mix.
tamas.szerb
With internal authentication works like charm: now what should I do to get working the LDAP? I'm very interested in the SVN Access Control, and I'd like to make some progress to evaluate it.
Mand
Can you show us your LDAP location settings in uberSVN?
tamas.szerb
It can be similar to: ldap://ldap.server:389/dc=tstdc,dc=tstcorp,dc=com?sAMAccountName?sub?(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(objectClass=person)(employeeType=*)(employeeNumber=*)(memberOf=CN=svn_users,OU=Distribution Groups,OU=_Global,OU=tstou,DC=tstdc,DC=tstcorp,DC=com)) and please note that I was able to import the users from it. Any idea?
Mand
OK, what other settings do you have in the LDAP location screen? The above query worked to retrieve users when you first tested this right?
tamas.szerb
I have attached all details because BB tried to strip and encode a lot of elements.
Mand
There doesn't look to be anything wrong with that tbh. The fact that it pulls your test user in shows that the user exists and that the LDAP connection is working. Can you show us the contents of 50-repositories.conf, and 35-ldap.conf (again, remove any sensitive data, or feel free to PM me the contents)?
Mand
The contents of the error log would help too.
tamas.szerb
Hello,
The configuration is attached (and removed sensitive data).
When I want to svn co:
Running post_send hooks
ah_post_send (#1), code is 500 (want 401), WWW-Authenticate is (none)
Request ends, status 500 class 5xx, error line:
500 Internal Server Error
Running destroy hooks.
Request ends.
svn: Server sent unexpected return value (500 Internal Server Error) in response to OPTIONS request for 'https://ubersvn.tst.com:9880/tst'
sess: Destroying session.
sess: Destroying session.
the only log what can I find here:
tail -f ubersvn/data/logs/*
==> ubersvn/data/logs/catalina.out <==
[20 Mar 2013 13:38:22] INFO - Fetching tweets from ubersvn
==> ubersvn/data/logs/ubersvn.log <==
[20 Mar 2013 13:38:22] INFO (?:?) - Fetching tweets from ubersvn
==> ubersvn/data/logs/catalina.out <==
[Fatal Error] :58:3: The element type "meta" must be terminated by the matching end-tag "".
[20 Mar 2013 13:43:24] INFO - Fetching tweets from ubersvn
[Fatal Error] :58:3: The element type "meta" must be terminated by the matching end-tag "".
==> ubersvn/data/logs/ubersvn.log <==
[20 Mar 2013 13:43:24] INFO (?:?) - Fetching tweets from ubersvn
==> ubersvn/data/logs/catalina.out <==
[20 Mar 2013 13:48:24] INFO - Fetching tweets from ubersvn
[Fatal Error] :58:3: The element type "meta" must be terminated by the matching end-tag "".
==> ubersvn/data/logs/ubersvn.log <==
[20 Mar 2013 13:48:24] INFO (?:?) - Fetching tweets from ubersvn
so this is quite odd, no usable error message,
when I try to:
/usr/bin/ldapsearch -x -H ldap://ldap.tst.com/ -b "dc=xxx,dc=xxx,dc=xxx" -D 'CN=Test\, User,OU=Standard users,OU=Users,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=xxx' -W '(&(objectClass=user)(employeeNumber=*)(employeeType=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))' samaccountname
It can bind to the LDAP w/o any glitch and gives back the logins correctly; so I don't see any issue with the LDAP connection/bind.
Any idea?
Mand
You should have a bunch more logs available, specifically access_log, error_log, svn_logfile.
Mand
A couple of further points: - if the apache error logs are not in ubersvn/data/logs its worth checking what the contents of ubersvn/conf/httpd.conf are as you'll find the error log location there. - we don't sell Access Control as an app in uberSVN anymore, we do sell Access Control as a standalone product though. I can put you in touch with our sales team if you'd like to investigate that more?